Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3233352e302f32342d3234203d3e2039303039.roa
File:                     38322e3133392e3233352e302f32342d3234203d3e2039303039.roa (raw, json)
Hash identifier:          GXcL+a3W+NtFcUGorq04a89gAknAGuL8qi35IrRLlLw=
Subject key identifier:   46:80:DA:FC:DB:E6:4B:16:26:66:4C:C5:EE:B2:AD:51:3C:B8:00:AC
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       345B3E9D1E01F240F6AD89609F6183B911F216D4
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3233352e302f32342d3234203d3e2039303039.roa
Signing time:             Thu 04 Sep 2025 10:40:06 +0000
ROA not before:           Thu 04 Sep 2025 10:35:06 +0000
ROA not after:            Thu 03 Sep 2026 10:40:06 +0000
asID:                     9009
IP address blocks:        82.139.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 12:34:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:5b:3e:9d:1e:01:f2:40:f6:ad:89:60:9f:61:83:b9:11:f2:16:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep  4 10:35:06 2025 GMT
            Not After : Sep  3 10:40:06 2026 GMT
        Subject: CN=4680DAFCDBE64B1626664CC5EEB2AD513CB800AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:db:bc:ef:af:96:0f:e3:e4:ce:75:ea:3b:e4:
                    f4:52:3e:bc:36:b5:1a:45:46:23:f8:22:10:be:19:
                    8c:49:9e:fe:54:f3:6e:a7:28:91:7c:2b:8f:ba:23:
                    0d:b7:2c:de:90:39:14:e6:ec:76:02:f7:d9:eb:46:
                    d1:d9:21:4d:90:8a:e8:45:d9:2e:fc:0b:6b:24:55:
                    d0:b5:52:b3:ba:0a:4b:db:54:7b:c6:77:35:f0:16:
                    b8:4b:e6:a7:f3:fe:d8:6a:b4:6e:84:8f:95:72:80:
                    d4:4f:9c:f7:f7:9e:8c:e8:2d:8c:dc:cd:5f:65:d9:
                    dd:10:25:de:a2:cd:7b:ad:50:8d:c6:e5:d6:9d:24:
                    32:17:2a:cc:72:ce:be:e0:81:c9:03:a7:2f:c9:ca:
                    cf:11:a7:a1:ad:59:9b:81:08:4f:46:f0:39:c1:d1:
                    82:35:ad:01:e8:36:44:66:6a:f0:1d:ea:dc:ea:34:
                    06:09:1c:00:32:0d:77:66:74:ea:32:c3:1f:ae:86:
                    8f:10:9c:6c:cb:f5:32:38:3a:76:1f:db:de:57:00:
                    8c:01:95:c0:9d:53:5a:05:8e:5b:4a:cf:50:8e:c8:
                    52:c2:12:3e:a6:e9:a7:ab:2b:02:2f:79:e2:3a:62:
                    db:a1:28:d9:5f:24:d7:c8:88:f8:21:c2:24:8c:9d:
                    31:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:80:DA:FC:DB:E6:4B:16:26:66:4C:C5:EE:B2:AD:51:3C:B8:00:AC
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/38322e3133392e3233352e302f32342d3234203d3e2039303039.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:7e:3c:80:d1:8d:0c:b9:f2:ad:40:92:04:27:c6:9a:e1:4f:
         8d:a4:1c:e7:25:95:f7:17:9e:74:c8:60:bc:7f:d1:1e:60:f2:
         3b:c6:3f:b7:f0:55:69:5e:08:38:44:52:03:53:87:5f:7b:6b:
         56:b3:75:bd:1f:e3:3a:9b:6b:7a:80:5b:46:3e:d1:ff:cc:8a:
         04:9a:fc:01:92:53:31:70:14:23:31:e3:6b:06:42:b0:88:5e:
         65:c2:cb:7f:2c:5f:c0:9a:7c:2d:20:27:00:98:18:d7:0a:55:
         03:64:f7:5d:51:df:67:87:dd:70:a8:5a:e9:c6:08:a6:a2:32:
         5c:ec:1c:0a:4a:7e:8a:e7:be:bc:48:8f:d1:66:67:d0:f4:35:
         72:de:2e:c4:69:71:b5:7b:30:bb:84:30:8c:50:e5:21:51:91:
         8a:fe:b8:28:3c:81:bb:6b:7b:96:a2:a6:37:29:e2:57:82:db:
         17:c0:72:6c:29:81:df:11:2d:10:e7:29:6c:50:72:ea:ab:cd:
         2a:a2:f1:ab:5c:fb:6a:b9:99:2e:c9:85:47:1a:b8:89:e8:3f:
         73:27:0b:b8:6b:d9:57:1f:bb:61:56:73:00:2d:46:7b:7f:3b:
         89:79:56:83:c2:6e:0c:13:f1:4d:4d:a9:47:57:5f:25:74:90:
         30:6e:e6:4c
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgIUNFs+nR4B8kD2rYlgn2GDuRHyFtQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MDQxMDM1MDZaFw0yNjA5MDMxMDQwMDZaMDMxMTAvBgNV
BAMTKDQ2ODBEQUZDREJFNjRCMTYyNjY2NENDNUVFQjJBRDUxM0NCODAwQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF27zvr5YP4+TOdeo75PRSPrw2
tRpFRiP4IhC+GYxJnv5U826nKJF8K4+6Iw23LN6QORTm7HYC99nrRtHZIU2QiuhF
2S78C2skVdC1UrO6CkvbVHvGdzXwFrhL5qfz/thqtG6Ej5VygNRPnPf3nozoLYzc
zV9l2d0QJd6izXutUI3G5dadJDIXKsxyzr7ggckDpy/Jys8Rp6GtWZuBCE9G8DnB
0YI1rQHoNkRmavAd6tzqNAYJHAAyDXdmdOoywx+uho8QnGzL9TI4OnYf295XAIwB
lcCdU1oFjltKz1COyFLCEj6m6aerKwIveeI6YtuhKNlfJNfIiPghwiSMnTEbAgMB
AAGjggI7MIICNzAdBgNVHQ4EFgQURoDa/NvmSxYmZkzF7rKtUTy4AKwwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwgasGCCsGAQUFBwELBIGeMIGbMIGYBggrBgEFBQcwC4aBi3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUt
OWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvMzgzMjJlMzEzMzM5MmUzMjMz
MzUyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzOTMwMzAzOS5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFKL
6zANBgkqhkiG9w0BAQsFAAOCAQEAbH48gNGNDLnyrUCSBCfGmuFPjaQc5yWV9xee
dMhgvH/RHmDyO8Y/t/BVaV4IOERSA1OHX3trVrN1vR/jOptreoBbRj7R/8yKBJr8
AZJTMXAUIzHjawZCsIheZcLLfyxfwJp8LSAnAJgY1wpVA2T3XVHfZ4fdcKha6cYI
pqIyXOwcCkp+iue+vEiP0WZn0PQ1ct4uxGlxtXswu4QwjFDlIVGRiv64KDyBu2t7
lqKmNyniV4LbF8BybCmB3xEtEOcpbFBy6qvNKqLxq1z7armZLsmFRxq4ieg/cycL
uGvZVx+7YVZzAC1Ge387iXlWg8JuDBPxTU2pR1dfJXSQMG7mTA==
-----END CERTIFICATE-----